begin: Hempstah T <lugod@os2man.cjb.net> quote
> * Mark K. Kim <markslist@cbreak.org> [010919 20:30], about
>
> :I was wondering if apt-get (the program that auto-updates Debian files?)
> :downloads files securely (ie - signed downloads)? I feel the auto-updates
> :are one of the biggest advantages of Debian but I'd be reluctant to try
> :it if the daily updates of packages are insecure downloads.
>
> Signed package support is an upcoming feature for apt-get (iirc).
ajay, do you remember where you heard this? i've also been wondering about
this issue.
> wouldn't really worry about all that stuff too much, it's definitely a
> possible concern always, basically anytime you download anything from
> anywhere it's possible that someone's doing something funny with the
> package. I doubt any of us consistently check package signatures
> personally!
agreed. also, the debian website makes md5sums available for every package.
if you suspect funny business, you can always download the package itself (as
opposed to using apt-get) and check it by hand.
i'm not sure i'd trust redhat's ftp site or rpmfind any more or less than
debian's package sites.
> (who just had a guy from Pac Bell come over, hopefully that'll be the last
> time I'll have to see a DSL guy! (He seems to have been the, if not one of
> the, most knowledgeable people I've dealt with. He switched the two lines
> in my house around at the b-box (sp?), since the other is more reliable.))
interesting. it's also been my experience that "pacbell" is alot more
knowledgeable and helpful in person than over the phone.
overall, i i've heard an overwhelming majority of people say that omsoft
is a better way to go than pacbell. i haven't had as much trouble with
pacbell as, say, bill. but i think i've been fairly lucky with pacbell.
pete
--
"The following addresses had permanent fatal errors..." p@dirac.org
-- Mailer Daemon www.dirac.org/p